I have successfully set up the LDAP access on a 17.7 test system:
* imported ca.pem of the samba server.
* port 636 and ssl configured.
* bind credentials work.
* authentication container queried and selected.
* servername of the AD server is resolvable via DNS.
* AD users can be successfully authenticated with System | Access | Tester.

So far so good. But if I try to log in on the proxy with the client browser I get a loop. After the user data has been entered, the empty login dialog appears again and again.

The system log file shows:
Squid: LDAP bind error (Can not contact LDAP server)
Squid: user 'username' could not authenticate.

Why can Squid not query the AD, while the OPNsense web interface can do so very well?

It's a browser issue. Don't use the browser proxy settings! Configure the proxy in the system settings of the OS (works for Linux and Windows) and tell the browser to use the system settings. Works now like a charm!